Using different TCP/IP stacks for different tenants on a multi-tenant host
Abstract
Multiple TCP/IP stack processors on a host. The multiple TCP/IP stack processors are provided independently of TCP/IP stack processors implemented by virtual machines on the host. The TCP/IP stack processors provide multiple different default gateway addresses for use with multiple processes. The default gateway addresses allow a service to communicate across an L3 network. Processes outside of virtual machines that utilize the TCP/IP stack processor on a first host can benefit from using their own gateway, and communicate with their peer process on a second host, regardless of whether the second host is located within the same subnet or a different subnet. The multiple TCP/IP stack processors can use separately allocated resources. Separate TCP/IP stack processors can be provided for each of multiple tenants on the host. Separate loopback interfaces of multiple TCP/IP stack processors can be used to create separate containment for separate sets of processes on a host.
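As an added illustration of the separation the abstract describes (not code from the patent or its assignee), the following Python model gives each tenant its own stack instance with its own routing table, default gateway and loopback namespace; processes are pinned to one stack, so loopback lookups and route decisions never cross tenants. Tenant names, addresses and process names are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

@dataclass
class Stack:
    """One per-tenant TCP/IP stack instance living outside any VM."""
    name: str                                     # constructed tenant id
    routes: list                                  # (IPv4Network, next_hop|None)
    default_gw: IPv4Address                       # this stack's own default gateway
    loopback: dict = field(default_factory=dict)  # port -> listening process

    def next_hop(self, dst: str) -> str:
        """Longest-prefix match over this stack's routes; anything unmatched goes
        to this stack's own default gateway, not a host-wide shared one."""
        dst_ip, best = IPv4Address(dst), None
        for net, hop in self.routes:
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        if best is None:
            return str(self.default_gw)
        return "direct" if best[1] is None else str(best[1])

class Host:
    """Multi-tenant host: several stacks, each process pinned to exactly one."""
    def __init__(self):
        self.stacks, self.pins = {}, {}

    def add_stack(self, stack: Stack): self.stacks[stack.name] = stack
    def pin(self, proc: str, stack_name: str): self.pins[proc] = stack_name

    def listen_loopback(self, proc: str, port: int):
        self.stacks[self.pins[proc]].loopback[port] = proc

    def connect_loopback(self, proc: str, port: int):
        """Listener reached on 127.0.0.1:port, or None. The lookup is confined to
        the caller's own stack, so a tenant cannot reach another tenant's service."""
        return self.stacks[self.pins[proc]].loopback.get(port)

    def route(self, proc: str, dst: str) -> str:
        return self.stacks[self.pins[proc]].next_hop(dst)

def build_demo() -> Host:
    """Two tenants on different subnets; MKS and migrator processes pinned per tenant."""
    host = Host()
    host.add_stack(Stack("tenantA", [(IPv4Network("10.1.0.0/24"), None)], IPv4Address("10.1.0.1")))
    host.add_stack(Stack("tenantB", [(IPv4Network("10.2.0.0/24"), None)], IPv4Address("10.2.0.1")))
    host.pin("mks_A", "tenantA"); host.pin("migrator_A", "tenantA"); host.pin("mks_B", "tenantB")
    host.listen_loopback("migrator_A", 8000)   # only tenant A's stack sees this listener
    return host
```

Off-subnet traffic from a tenant A process leaves via 10.1.0.1 while tenant B's leaves via 10.2.0.1, and a tenant B process connecting to loopback port 8000 finds nothing, which is the containment the abstract attributes to separate loopback interfaces.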
Claims
exact text as granted — not AI-modified
What is claimed is:
1. A method of separating tenant data on an electronic computing device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the method comprising:
implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,
wherein the first and second sets of processes execute outside of any tenant VM.
2. The method of claim 1, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
3. The method of claim 1, wherein the electronic device implements a user space and a kernel space.
4. The method of claim 3, wherein the first set of processes is implemented in the user space.
5. The method of claim 3, wherein the first set of processes is implemented in the kernel space.
6. The method of claim 1, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.
7. The method of claim 1, wherein the first set of processes comprises hypervisor service processes.
8. A non-transitory machine readable medium storing a program which when executed by at least one processing unit separates tenant data on an electronic computing device that implements virtual machines (VMs) for a plurality of tenants, the program comprising sets of instructions for:
implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,
wherein the first and second sets of processes execute outside of any tenant VM.
9. The non-transitory machine readable medium of claim 8, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
10. The non-transitory machine readable medium of claim 8, wherein the electronic device implements a user space and a kernel space.
11. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the user space.
12. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the kernel space.
13. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.
14. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a virtual machine migrator process.
15. An electronic device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the electronic device comprising:
at least one processing unit;
a non-transitory machine readable medium storing a program which when executed by the processing unit keeps the tenant data of each tenant separate from the tenant data of other tenants, the program comprising sets of instructions for:
implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor to prevent data from being sent to a second tenant; and
for a second set of non-tenant VM processes implemented for the second tenant, sending data from the second set of processes through a second TCP/IP stack processor to prevent data from being sent to the first tenant,
wherein the first and second sets of processes execute outside of any tenant VM.
16. The electronic device of claim 15, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
17. The electronic device of claim 15, wherein the electronic device implements a user space and a kernel space.
18. The electronic device of claim 17, wherein the first set of processes is implemented in the user space.
19. The electronic device of claim 17, wherein the first set of processes is implemented in the kernel space.
20. The electronic device of claim 15, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.